Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401293.roa
File:                     AS401293.roa (raw, json)
Hash identifier:          DU4RsxsSYXe/kJPQlmheoOgLESlzlR4UTVwl25imMHs=
Subject key identifier:   5B:BB:81:05:80:5C:CB:5B:FE:63:63:68:AC:79:CB:B1:FB:28:37:ED
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       23F09FF2C489DC6E145AA434A56E992F71C59AFA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401293.roa
Signing time:             Wed 08 Apr 2026 07:29:47 +0000
ROA not before:           Wed 08 Apr 2026 07:24:47 +0000
ROA not after:            Wed 07 Apr 2027 07:29:47 +0000
asID:                     401293
IP address blocks:        143.14.248.0/24 maxlen: 24
                          148.135.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:f0:9f:f2:c4:89:dc:6e:14:5a:a4:34:a5:6e:99:2f:71:c5:9a:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  8 07:24:47 2026 GMT
            Not After : Apr  7 07:29:47 2027 GMT
        Subject: CN=5BBB8105805CCB5BFE636368AC79CBB1FB2837ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:61:71:6a:04:6a:21:f5:00:5f:01:f2:e1:42:
                    b5:12:de:5b:1e:5c:03:d5:db:3e:f1:04:42:48:e7:
                    34:fb:30:16:76:a7:b1:3c:c2:52:87:e1:5d:d3:4b:
                    f0:ed:87:90:05:c4:6c:18:b0:c4:76:c4:70:2f:e2:
                    de:88:cb:8e:90:8e:fa:ae:18:b9:2a:eb:f7:12:3e:
                    ff:15:29:d2:c1:13:91:ba:ba:e0:9d:4b:b6:68:cc:
                    77:e4:e0:11:41:aa:4e:38:86:38:53:e7:87:d3:c4:
                    c7:71:ad:05:93:b1:81:2b:fe:2b:50:69:52:89:0b:
                    fc:46:14:d8:b2:3a:86:03:e7:e4:68:5e:9c:d4:1c:
                    63:82:1f:d4:16:46:1d:a5:fb:8e:44:84:38:a1:1e:
                    1a:97:be:2c:02:bb:d4:7f:c1:52:cd:ca:16:ab:78:
                    d4:b2:26:17:99:22:69:55:f5:c0:2b:3c:52:47:2d:
                    e8:40:e0:86:68:85:6f:3f:7e:be:d1:e9:61:ff:2a:
                    2d:93:15:3f:ad:d0:be:31:2e:33:b3:85:77:71:42:
                    48:80:05:14:14:f6:0d:d6:55:22:b1:28:0d:0d:b9:
                    60:7e:57:73:fc:e2:fb:cb:89:db:cd:e4:69:df:95:
                    ba:dc:f1:f1:10:c3:8e:b2:a3:7c:a6:bf:5f:4e:d1:
                    07:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BB:81:05:80:5C:CB:5B:FE:63:63:68:AC:79:CB:B1:FB:28:37:ED
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.248.0/24
                  148.135.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d9:b9:36:97:ae:46:c6:f3:63:96:78:84:a3:9c:e3:8e:45:
         6a:f5:60:11:d4:95:96:aa:c4:4b:b4:41:22:4b:3e:a0:8f:6a:
         19:ca:30:ea:34:d3:2a:c6:4f:35:c2:f2:ea:6e:e3:fb:92:af:
         12:22:92:e2:4e:37:bd:31:5d:7f:f1:3a:f8:37:de:87:78:38:
         54:77:7a:3f:83:5a:0e:7a:cb:7b:50:ff:49:a4:e7:a7:98:d1:
         3b:5b:bc:f8:ef:4e:f8:dc:f3:4d:88:d1:9e:2f:35:1d:50:c6:
         07:2e:d2:fb:7a:06:03:19:d9:e6:ee:6d:38:08:2d:8e:79:08:
         7a:9c:b5:70:84:ec:09:3a:36:bf:02:9d:30:0c:3d:b3:4f:0c:
         4a:b2:0f:68:7d:9c:12:9a:ea:59:d0:02:36:fa:f4:3d:e3:26:
         59:ea:d8:52:72:f1:60:94:74:d6:32:6f:9d:e9:68:ff:66:df:
         cc:9b:37:2e:72:8f:40:8d:a9:4c:02:43:95:58:ba:14:d2:8a:
         b3:36:15:02:7e:19:db:d9:39:aa:b6:17:5a:a4:7e:59:0b:86:
         16:55:23:42:b8:23:e3:aa:e5:f8:0d:89:dc:d5:ec:c7:90:74:
         52:a4:ee:4b:73:16:71:45:63:a4:cf:7e:73:67:76:d9:ce:d5:
         d6:51:0c:43
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUI/Cf8sSJ3G4UWqQ0pW6ZL3HFmvowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDgwNzI0NDdaFw0yNzA0MDcwNzI5NDdaMDMxMTAvBgNV
BAMTKDVCQkI4MTA1ODA1Q0NCNUJGRTYzNjM2OEFDNzlDQkIxRkIyODM3RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkYXFqBGoh9QBfAfLhQrUS3lse
XAPV2z7xBEJI5zT7MBZ2p7E8wlKH4V3TS/Dth5AFxGwYsMR2xHAv4t6Iy46Qjvqu
GLkq6/cSPv8VKdLBE5G6uuCdS7ZozHfk4BFBqk44hjhT54fTxMdxrQWTsYEr/itQ
aVKJC/xGFNiyOoYD5+RoXpzUHGOCH9QWRh2l+45EhDihHhqXviwCu9R/wVLNyhar
eNSyJheZImlV9cArPFJHLehA4IZohW8/fr7R6WH/Ki2TFT+t0L4xLjOzhXdxQkiA
BRQU9g3WVSKxKA0NuWB+V3P84vvLidvN5Gnflbrc8fEQw46yo3ymv19O0QdvAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUW7uBBYBcy1v+Y2NorHnLsfsoN+0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAxMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw74
AwQAlIfKMA0GCSqGSIb3DQEBCwUAA4IBAQBI2bk2l65GxvNjlniEo5zjjkVq9WAR
1JWWqsRLtEEiSz6gj2oZyjDqNNMqxk81wvLqbuP7kq8SIpLiTje9MV1/8Tr4N96H
eDhUd3o/g1oOest7UP9JpOenmNE7W7z470743PNNiNGeLzUdUMYHLtL7egYDGdnm
7m04CC2OeQh6nLVwhOwJOja/Ap0wDD2zTwxKsg9ofZwSmupZ0AI2+vQ94yZZ6thS
cvFglHTWMm+d6Wj/Zt/Mmzcuco9AjalMAkOVWLoU0oqzNhUCfhnb2TmqthdapH5Z
C4YWVSNCuCPjquX4DYnc1ezHkHRSpO5LcxZxRWOkz35zZ3bZztXWUQxD
-----END CERTIFICATE-----